Russia's Fancy Bear APT group is likely behind the malicious command and control domains found in Lojack agents, according to the Arbor Security Engineering & Response Team.

LoJack, a popular laptop recovery solution, “makes an excellent double-agent due to appearing as legit software while natively allowing remote code execution,” researchers said, noting that while “the initial intrusion vector for this activity remains unknown, Fancy Bear often utilizes phishing email to deliver payloads.” Because many antivirus programs don't flag the malware as a concern, it's largely able to do its dirty work without detection.

Often, the best way to get something is to simply ask for it. That’s probably what the Israeli government thought when it sent an email to several American researchers and firms who make so-called zero-days, tools that take advantage of vulnerabilities in software that are unknown to the company that makes the software.

Experts have obtained a copy of the letter, which more than half a dozen sources described as unsolicited and unusual in how blunt and direct it was. Experts confirmed that at least five American firms received the letter, and multiple sources told us it was sent to many more.

The flaw in question, CVE-2018-4878, is a use-after-free bug that Adobe patched on February 6, following reports that North Korean hackers had been exploiting the vulnerability in attacks aimed at South Korea.

The threat group, tracked as APT37, Reaper, Group123 and ScarCruft, has been expanding the scope and sophistication of its campaigns. After Adobe patched the security hole, which allows remote code execution, other malicious actors started looking into ways to exploit CVE-2018-4878. Morphisec said it spotted a campaign on February 22, which had been using a version of the exploit similar to the one developed by APT37. 

Cryptojacking only really coalesced as a class of attack about six months ago, but already the approach has evolved and matured into a ubiquitous threat. Hacks that co-opt computing power for illicit cryptocurrency mining now target a diverse array of victims, from individual consumers to massive institutions—even industrial control systems.

But the latest victim isn't some faceless internet denizen or a Starbucks in Buenos Aires. It's Tesla. Researchers published findings on Tuesday that some of Tesla's Amazon Web Services cloud infrastructure was running mining malware in a far-reaching and well-hidden cryptojacking campaign. 

India’s City Union Bank said on Sunday that “cyber criminals” had hacked its systems and transferred nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform.

The comments come after the small private lender on Saturday had disclosed it had discovered the three “fraudulent remittances”, which were sent via correspondent banks to accounts in Dubai, Turkey and China. Chief Executive Officer N. Kamakodi called it a “conspiracy” involving multiple countries, and added the lender was still investigating how it had happened. “This is basically a cyber attack by international cyber criminals,” he told. 

The two people who hacked ride-hailing firm Uber’s data in 2016 were in Canada and Florida at the time, a company security executive told a U.S. congressional committee on Tuesday.

About 25 million people whose data was compromised in the breach live in the United States, Uber Technologies Inc chief information security officer John Flynn said in written testimony to a Senate Commerce Committee panel. Of those, 4.1 million were drivers, said Flynn, whose testimony described new details about the hack, the handling of which prompted newly appointed Uber Chief Executive Officer Dara Khosrowshahi to fire two top security officials.

Hackers have hijacked the DNS server for BlackWallet, an online wallet application for the cryptocurrency Stellar Lumens (XLM), and drained users' accounts of hundreds of thousands of dollars. The attack reportedly took place on Saturday after hackers managed to hijack its DNS server, change the settings and redirect it towards their own third-party server.

"BlackWallet was compromised today after someone accessed my hosting provider account," the creator of BlackWallet said in a statement on Reddit. "He then changed the DNS settings to those of its fraudulent website (which was a copy of BlackWallet). 

When Stensul CEO Noah Dinkin visited a Starbucks in Buenos Aires recently, he probably didn’t expect to be served some sneaky cryptocurrency miner code along with his coffee. But thanks to the store’s internet provider, that’s exactly what he got.

“Hi Starbucks, did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer's laptop?” Dinkin tweeted on December 2. “Feels a little off-brand.” Dinkin wrote that Bitcoin was the digital currency being mined, but CoinHive, the company that provided the code for the miner, only works with Monero, a competing coin. 

Security researchers have discovered a new database floating around the dark web that contains a whopping 1.4 billion user names and password combinations in clear text.

While scouring the dark web for stolen, leaked or lost data, researchers at 4iQ found the 41GB file with an interactive, aggregate database dubbed the largest ever found in the dark web to date. The 1.4 billion records have been aggregated from various sources, earlier data breaches and credential lists. A portion of the unencrypted passwords have been tested by the researchers and were verified to be true.

The contents of a digital wallet belonging to cryptocurrency company NiceHash, which included potentially millions of dollars worth of customers' bitcoin, was stolen in a major security breach early Wednesday. The hack affected NiceHash's payment system, and the entire contents of the company's bitcoin wallet was stolen.

"Clearly, this is a matter of deep concern, and we are working hard to rectify the matter in the coming days," NiceHash said in the Facebook post. "In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement, and we are cooperating with them as a matter of urgency."